Improvements to the ECC max bits calculation used with fast math (USE_FAST_MATH and ALT_ECC_SIZE). Updated example code comments to reflect accurate calculation.

IDE/GCC-ARM/Header/user_settings.h

@@ -189,14 +189,17 @@ extern "C" {
 
     /* Use alternate ECC size for ECC math */
     #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
         #ifdef NO_RSA
             /* Custom fastmath size if not using RSA */
-            /* MAX = ROUND32(ECC BITS 256) + SIZE_OF_MP_DIGIT(32) */
             #undef  FP_MAX_BITS
-            #define FP_MAX_BITS     (256 + 32)
+            #define FP_MAX_BITS     (256 * 2)
         #else
             #undef  ALT_ECC_SIZE
             #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
         #endif
 
         /* Speedups specific to curve */

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings.h

@@ -34,11 +34,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/IAR-EWARM/embOS/SAMV71_XULT/embOS_SAMV71_XULT_user_settings/user_settings_verbose_example.h

@@ -84,11 +84,13 @@
     #define ECC_TIMING_RESISTANT
 
     #ifdef USE_FAST_MATH
-        /* Max ECC bits (curve size * 8). ECC521 is (66*8) = 528. */
         #undef  ALT_ECC_SIZE
         #define ALT_ECC_SIZE
-        #undef  FP_MAX_BITS_ECC
-        #define FP_MAX_BITS_ECC     528
+
+        /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        //#undef  FP_MAX_BITS_ECC
+        //#define FP_MAX_BITS_ECC (528 * 2)
 
         /* Enable TFM optimizations for ECC */
         #define TFM_ECC192

IDE/IAR-EWARM/embOS/custom_port/custom_port_user_settings/user_settings.h

@@ -31,11 +31,11 @@
     #undef ECC_USER_CURVES
     #define ECC_USER_CURVES
 
-    #undef ECC_ALT_SIZE
-    #define ECC_ALT_SIZE
+    #undef ALT_ECC_SIZE
+    #define ALT_ECC_SIZE
 
     #undef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC 528
+    #define FP_MAX_BITS_ECC (256 * 2)
 
     #undef TFM_TIMING_RESISTANT
     #define TFM_TIMING_RESISTANT

IDE/LPCXPRESSO/lib_wolfssl/user_settings.h

@@ -22,7 +22,8 @@
 
 #define FP_LUT                   4
 #define FP_MAX_BITS              2048 /* 4096 */
-#define FP_MAX_BITS_ECC          512
+#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
+#define FP_MAX_BITS_ECC          (256 * 2)
 #define ALT_ECC_SIZE
 #define USE_FAST_MATH
 #define SMALL_SESSION_CACHE
@@ -52,7 +53,6 @@
 #define NO_64BIT
 #define NO_WOLFSSL_SERVER
 #define NO_OLD_TLS
-#define ECC_USER_CURVES /* Disables P-112, P-128, P-160, P-192, P-224, P-384, P-521 but leaves P-256 enabled */
 #define NO_DES3
 #define NO_MD5
 #define NO_RC4

IDE/WICED-STUDIO/user_settings.h

@@ -595,7 +595,7 @@ extern unsigned int my_rng_seed_gen(void);
 #endif
 
 #if 1
-    #define FP_MAX_BITS_ECC 512
+    #define FP_MAX_BITS_ECC (256 + 32)
 #endif
 
 /* ------------------------------------------------------------------------- */

wolfssl/wolfcrypt/ecc.h

@@ -278,14 +278,15 @@ typedef struct ecc_set_type {
  * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
  * of the point are pointers that are set to each of a three item array of
  * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
- * structure, the alt_fp_int will only have 528 bits. A size value was added
- * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
- * functions fp_zero() and fp_copy() use the size parameter. An int needs to
- * be initialized before using it instead of just fp_zeroing it, the init will
- * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
- * number of bits used in the alternate FP_INT.
+ * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and 
+ * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well, 
+ * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and 
+ * fp_copy() use the size parameter. An int needs to be initialized before 
+ * using it instead of just fp_zeroing it, the init will call zero. The 
+ * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but 
+ * can be set to change the number of bits used in the alternate FP_INT.
  *
- * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
+ * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH.
  */
 
 #ifndef USE_FAST_MATH
@@ -294,19 +295,18 @@ typedef struct ecc_set_type {
 
 /* determine max bits required for ECC math */
 #ifndef FP_MAX_BITS_ECC
-    /* check alignment */
-    #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
-        /* max bits is double */
-        #define FP_MAX_BITS_ECC     (MAX_ECC_BITS * 2)
-    #else
-        /* max bits is doubled, plus one digit of fudge */
-        #define FP_MAX_BITS_ECC     ((MAX_ECC_BITS * 2) + DIGIT_BIT)
-    #endif
-#else
-    /* verify alignment */
-    #if FP_MAX_BITS_ECC % CHAR_BIT
-       #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
-    #endif
+    /* max bits rounded up by 8 then doubled */
+    /* (ROUND8(MAX_ECC_BITS) * 2) */
+    #define FP_MAX_BITS_ECC (2 * \
+        ((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT)
+
+    /* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to:
+             ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */
+#endif
+
+/* verify alignment */
+#if FP_MAX_BITS_ECC % CHAR_BIT
+    #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
 #endif
 
 /* determine buffer size */